Building an effective firewall blacklist can not only limit your employees' access to inappropriate or unproductive material, it can bolster your network's security. Firewall blacklists restrict access to and from certain websites, rendering them inoperable from your company's computers. As businesses' Internet needs and usage policies vary, the sites your company will need to blacklist will differ from others. However, there are a few website types that should be on virtually every blacklist policy.

Pornographic Websites

Pornographic websites are an obvious, but essential, blacklist choice. In addition to the content, which is seldom appropriate for a business atmosphere, pornographic websites often pose a significant security risk. On-page scripts, downloadable "plug-ins" and "codecs," DirectX content and more all can serve as a delivery device for viral threats. Once introduced, these threats can cripple a terminal and potentially an entire network if not adequately addressed. This doesn't even factor in the potential legal ramifications should an employee be offended and make a sexual harassment or hostile workplace claim.

Web Mail

Web mail itself is fairly innocuous -- it's just email hosted on a website server and accessed through a Web browser. However, it poses the same threat that unregulated desktop email clients do to a network: viral threats can be introduced into the system through file attachments. Web mail is harder to monitor through antivirus utilities, often requiring special setup if message scanning is available at all. Having access to personal email in the workplace also poses the threat of decreased productivity and potential workplace harassment through dummy email accounts.

Entertainment

Entertainment websites like YouTube and others form something of a gray area for blacklists. While some sites may offer useful resources like the myriad of "how-to" videos on YouTube, the risk of productivity decrease is also considerable. Employees may also offended by the content others are viewing and file complaints. In most cases, your company will be better off restricting access to these sites.

Social Networks

Social networking provides another risk to productivity, especially in employees who are easily distracted. Employees may also abuse social networks as a means of harassing coworkers. While some corporate social networking can be useful and even encouraged through tools like Microsoft's SharePoint, or for advertisement and customer support reasons, these sites are generally not ideal for the workplace.

File Sharing Websites

File-sharing websites share the same viral threat as webmail attachments and pornographic websites -- downloads are unregulated and can easily contain any number of viruses that can threaten the entire network. Additionally, content downloaded through a file-sharing website may be copyrighted, and the download can constitute infringement. Since your company's IP address will be the one used for the download, there is a chance that any legal action taken will be leveled at your company as well as the downloading employee.

Whitelisting

The blacklist approach suffers from a serious flaw -- each blacklisted site has to be added individually. While some major websites can easily be blocked in this manner, lesser-known websites can crop up to fill the void. An alternative is to use the whitelist approach -- creating a short list of acceptable websites and blocking access to anything not on the list. The downside to whitelisting is that it can be remarkably restrictive, which may encourage employees to utilize backdoors and other tools to access blacklisted materials. These backdoors constitute a vulnerability where your firewall is powerless to prevent unapproved content from entering the system.